DDOS attack Microsoft - Microsoft Windows

This is a discussion on DDOS attack Microsoft - Microsoft Windows ; "Alan Connor" wrote in message
news:2zb7b.4111$PE6.549@newsread3.news.pas.earthli nk.net...
> On Tue, 9 Sep 2003 14:52:53 +1200, Max Burke wrote:
> Linux is inherently more secure than XP.
> Linux is much less buggy than XP.
> This can be proven so ...

Re: DDOS attack Microsoft

"Alan Connor" wrote in message
news:2zb7b.4111$PE6.549@newsread3.news.pas.earthli nk.net...
> On Tue, 9 Sep 2003 14:52:53 +1200, Max Burke wrote:
> Linux is inherently more secure than XP.
> Linux is much less buggy than XP.
> This can be proven so easily that it is laughable.

All I have heard from you as "proof" is an incorrectly used statistic.

If its so easily proved then prove it. As you regurgitae - just because you
repeat it ad nausium does mean its true. Shoe some valid stats to prove you
assertions on both these statements.
> Here's a clue, Max Burke: Repeating nonsense over and over will not
> make it true.

Re: DDOS attack Microsoft

On Tue, 09 Sep 2003 04:22:11 GMT, Mike Byrns wrote:
>
>
> "Alan Connor" wrote in message
> news:2zb7b.4111$PE6.549@newsread3.news.pas.earthli nk.net...
>> Linux is inherently more secure than XP.
>> Linux is much less buggy than XP.
>> This can be proven so easily that it is laughable.
>
> I'll post this for your own good but you'll neither read it or rebut it as
> it as it illuminates how folks like you are hurting, not helping your cause.
> No matter.
>
> MSB
>
> http://www.softpanorama.org/OSS/bad_...cacy_faq.shtml
>
>

I have no cause but truth.

I do NOT want linux to become a consumer product.

I do NOT want linux to become a corporate business.

To do that, it would have to become like windoze, and unfortunately,
some distros are doing that.

I think Windoze, and everything about it SUCKS.

I have never been so furious in my life than when I discovered that the M$
version I was using was sending information to M$ without a WORD or a clue
about it in any of the docs, hardcopy or in the helpfiles.

Or when I tried to delete the AOL files from MY computer, and they actually
replicated themselves, which would not be possible without M$ allowing it.

Or when I just PREVIEWED an email and ended up having to re-install, losing
massive amounts of important data.

So, Billy Boy and all your fascist buddies:

Kiss my ass and get the HELL out of my computer.

You are HISTORY.

This was meant to be a joke, but like all good humor, it is basically true.

(author unknown)

I sent MANY copies to M$ :-)

---------------------------------------------------

Recently one of my friends, a computer wizard,
paid me a visit. As we
were
talking I mentioned that I had recently installed
Windows XP on my PC. I
told him how happy I was with this operating
system and showed him the
Windows XP CD. To my surprise he threw it into my
microwave oven and
turned it on.

Instantly I got very upset, because the CD had
become precious to me,
but
he said: 'Do not worry, it is unharmed.'

After a few minutes he took the CD out, gave it to
me and said: 'Take a
close look at it.'

To my surprise the CD was quite cold to hold and
it seemed to be heavier
than before. At first I could not see anything,
but on the inner edge of
the central hole I saw an inscription, an
inscription finer than
anything
After a few minutes he took the CD out, gave it to
me and said: 'Take a
close look at it.'

To my surprise the CD was quite cold to hold and
it seemed to be heavier
than before. At first I could not see anything,
but on the inner edge of
the central hole I saw an inscription, an
inscription finer than
anything
I had ever seen before. The inscription shone
piercingly bright, and yet
remote, as if out of a great depth:

'No but I can,' he said. 'The letters are Hex, of
an ancient mode, but
the
language is that of Microsoft, which I shall not
utter here. But in
common English this is what it says:

One OS to rule them all,
One OS to find them,
One OS to bring them all
and in the darkness bind them.

It is only two lines from a verse long known in
System lore:

"Three OS's from corporate kings in their towers
of glass,
Seven from valley lords where orchards used to
grow,
Nine from dotcoms doomed to die,
One from the Dark Lord Gates on his dark throne
In the Land of Redmond where the Shadows lie.
One OS to rule them all, one OS to find them,
One OS to bring them all and in the darkness bind
them,
In the Land of Redmond where the Shadows lie."

Re: DDOS attack Microsoft

That is your truth only - you still have not provided _proof_ of your claims
> Linux is inherently more secure than XP.
> Linux is much less buggy than XP.

They appear to be something you just threw into the forest. In fact many
linux distros are shipped with (known) bugs in them just to beet other
distros to the market.
> I do NOT want linux to become a consumer product.

So I guess you are saying you do not want users to use the OS. You just
want it for an elitist little group. Then you want to bag other people who
give consumers what they want plus you want to bag consumers for asking for
what they want.

What world do you live on?

"I do not want television to be a consumer product".
> I do NOT want linux to become a corporate business.

So you do not believe people should be reimbursed for their efforts? Linux
is ALREADY a corporate business. It get sponshorship from everywhere. Its
just as corpratized as elite sports.

Re: DDOS attack Microsoft

In article <7qg7b.90468$bo1.55964@news-server.bigpond.net.au>, User wrote:
> "Alan Connor" wrote in message
>
>> Linux is inherently more secure than XP.
>> Linux is much less buggy than XP.
>
> They appear to be something you just threw into the forest. In fact many
> linux distros are shipped with (known) bugs in them just to beet other
> distros to the market.

"Linux is inherently more secure than XP" is of course bull****. What is
this "inherent-ness"? I say Linux is secure because it has the age-old
Unix security features that have always been in there. I also say XP is
trying to gain on those, and I also say I don't know how well it is doing.
However, I do know that Linux security is in a much better shape than the
security of any MS product as of now.
>> I do NOT want linux to become a consumer product.
>
> So I guess you are saying you do not want users to use the OS. You just

He's just blowing bull. Everyone knows how Linux was born. It became what
it is because Linus listened to his users and added their additions to the
source.

Originally, Linus wrote Linux to be a platform for a simple terminal
emulator so he could connect to the University's real Unix machines. Then
he realized that this thing had become "the GNU Emacs of terminal
emulators" and decided it would become a real operating system. It's all
about users.
>> I do NOT want linux to become a corporate business.
>
> So you do not believe people should be reimbursed for their efforts? Linux
> is ALREADY a corporate business. It get sponshorship from everywhere. Its
> just as corpratized as elite sports.

Linux can be a very lucrative business if you can handle it. It does by no
means mean you have to screw it up, like some Linux distributors tend to
do.

Re: M$ attack on Common Sense

In comp.os.linux.misc Alan Connor wrote:
>>
>> The sad part is it's not just doctors and other small business users. I
>> know a national chain of PET stored that used a few Linux machines and
>> after having reliability problems with them, they have decided to move
>> the Windows 2000.
> I think you are lying.
> Let's see some evidence, please.
> By-the-way, calling someone who disagrees with you a "troll" is lame
> indeed.
> Lying and name-calling do nothing for your cause.
> But then, what other recourse do you have?
> Easier than presenting facts and data and responding to those awkward
> questions, isn't it?

This from Alan? The master of name calling and not presenting evidence
for his assertions? That's so ironic it's gone beyond humerous right
into pathetic.

Re: M$ attack on Common Sense

In comp.os.linux.misc Ed Murphy wrote:
> Well, SCO is a whole other can of worms, seeing as the new owners are
> waving around lots of lawsuits / threats-of-lawsuits, claiming ownership
> of millions of lines of Linux source code, and otherwise (in the words of
> no less an authority than Linus Torvalds himself) "smoking crack".

I never considered SCO UNIX anyway. Any company that makes you pay
extra for TCP/IP networking has completely missed the concept of UNIX.

Re: DDOS attack Microsoft

On Tue, 09 Sep 2003 11:18:22 GMT, Juha Siltala wrote:
>
>
> In article <7qg7b.90468$bo1.55964@news-server.bigpond.net.au>, User wrote:
>> "Alan Connor" wrote in message
>>
>>> Linux is inherently more secure than XP.
>>> Linux is much less buggy than XP.
>>
>> They appear to be something you just threw into the forest. In fact many
>> linux distros are shipped with (known) bugs in them just to beet other
>> distros to the market.
>
> "Linux is inherently more secure than XP" is of course bull****. What is
> this "inherent-ness"? I say Linux is secure because it has the age-old
> Unix security features that have always been in there.

So you say that I'm posting bull**** and then explain why what I posted
is true.

Re: DDOS attack Microsoft

On Tue, 09 Sep 2003 08:44:51 GMT, User wrote:
>
>
> "Alan Connor" wrote in message
> news:4zd7b.4290$PE6.2538@newsread3.news.pas.earthl ink.net...
>> On Tue, 09 Sep 2003 04:22:11 GMT, Mike Byrns
> wrote:
>
>> I have no cause but truth.
>
> That is your truth only - you still have not provided _proof_ of your claims
>
>> Linux is inherently more secure than XP.
>> Linux is much less buggy than XP.
>
> They appear to be something you just threw into the forest. In fact many
> linux distros are shipped with (known) bugs in them just to beet other
> distros to the market.
>

Moronic statement #12

>> I do NOT want linux to become a consumer product.
>
> So I guess you are saying you do not want users to use the OS. You just
> want it for an elitist little group.

No. I want it to remain a computer, NOT to become a another television, NOT
to see the greatest communucations tool ever invented become the toy of
airhead consumers who would waste it playing games, watching videos, and
listening to music.

Then you want to bag other people who
> give consumers what they want plus you want to bag consumers for asking for
> what they want.
>
> What world do you live on?
>

Not yours, thank the gods.

> "I do not want television to be a consumer product".
>

****ing moron.

>> I do NOT want linux to become a corporate business.
>
> So you do not believe people should be reimbursed for their efforts? Linux
> is ALREADY a corporate business. It get sponshorship from everywhere. Its
> just as corpratized as elite sports.
>
>
>
>

SOME distros are corporate products. Few of them.

I have no problems with people making a living from linux, but there is a
vast difference between that and corporate business, where everything is
controlled by greedy and a-moral stockholders and banks and insurance
companies.

Re: DDOS attack Microsoft

On Sun, 07 Sep 2003 19:16:35 GMT, Alan Connor wrote:

[snip]
>
>Yes, I always spot bull****ters (your spelling of UNIX as "Unix" gave you
>away: No UNIX professional would ever do that.)
>
I am one, and I do. If you are also one, then name the main players
consortium who started Unix, and the product that they intended to
build.

Re: M$ attack on Common Sense

I use both Windows and Linux. This last two weeks have been hell on
my Windows system. McAfee has a bug, which they won't even
acknowledge, and I had to switch to Norton Antivirus. Norton's
running fine for now, but I see from the newsgroups that it too has
had problems. I look forward to the day when I can move all my stuff
to Linux, and I expect it will be soon. A little more polish on the
office and business applications, and the day will come.

An alternative future is that Windows catches up with Linux on
security, and then we have a choice of two nice, but fundamentally
different systems. Why is it taking Microsoft so long? I'm looking
for intelligent discussion of this issue in the newsgroups and
websites (search term comp.security). I looked at this thread because
the title was interesting, and there were 17 replies. What I find
here is a childish flame war. I sense, however, that there are some
intelligent people here who can shed some light on this issue.

Let's see if we can redirect this discussion. Here are some possible
answers to my question (in order of plausibility):

1) Technical difficulty. Making Windows as secure as Unix will take
a major overhaul of the most basic levels of the operating system. In
Unix, users are isolated from each other (and the system) by a very
robust access model. All files and processes have an owner. No user
code (even virus code that is run inadvertently) can alter the files
of another user. If viruses were to become prevalent in Linux
systems, users would quickly learn to handle email and surf the
internet only under a username whose files they don't mind losing.
The worst a virus can do is destroy all files belonging to that
username.

2) Virus writers hate Microsoft. Like Al Queda, these losers attack
anyone who is successful. If Linux were the dominant OS, they would
go after Linux instead.

3) Business inertia. The virus problem just hasn't risen to the
level where Microsoft will give it serious attention. This last month
should be a wakeup call.

4) Conspiracy theory. Microsoft somehow benefits from the current
situation. Even though they don't sell anti-virus software, they will
in the future, and they see it as an opportunity to get control of
everyone's computer.http://www.pcmag.com/article2/0,4149,991132,00.asp

Let's not respond to the flames, and see if we can have a discussion
that will actually help people understand what is happening.

- Dave

Re: M$ attack on Common Sense

"Dave" wrote in message
news:a3b19517.0309110654.5db832f9@posting.google.c om...
> 2) Virus writers hate Microsoft. Like Al Queda, these losers attack
> anyone who is successful. If Linux were the dominant OS, they would
> go after Linux instead.

Do virus writers really hate Microsoft or do they just want the biggest bang
for the buck? [Personally I think it is the later. ] I suspect that if Mac
or Linux or anything else were the dominant OS, then that would be the
target, though likely less successfully so.
> 3) Business inertia. The virus problem just hasn't risen to the
> level where Microsoft will give it serious attention. This last month
> should be a wakeup call.

Probably too little too late - maybe WAY too late. MS has paid virtually no
attention to security until very recently. Once you've lost the public's
trust it is really hard to get it back. Combine the DRM of XP, the spyware
issues, MS statements over the years that their goal is to have all software
rented from central servers along with the chronic insecurity and you have a
recipe for a public relations disaster. I have a Linux box, all the
websites I run/own/control are on some variation of Linux, and several PCs -
this one happens to be an XP. Linux is great for some things - but not
children's software and not graphics software and not a bunch of other
stuff. This thing runs all my very spendy Adobe software BUT I AM SICK AND
TIRED OF MESSING WITH IT!!!! So even though it isn't a year old it is being
replaced with an iMac posthaste (have you SEEN those - oh my goodness!http://store.apple.com/1-800-MY-APPL....2.1.1.0.0.1.0)

> 4) Conspiracy theory. Microsoft somehow benefits from the current
> situation. Even though they don't sell anti-virus software, they will
> in the future, and they see it as an opportunity to get control of
> everyone's computer.
> http://www.pcmag.com/article2/0,4149,991132,00.asp

Interesting article. Wouldn't doubt it - Bill's tactics for darned near
forever have seemed to be buy up the competition and freeze what you can't
buy out of the market. Find a truly fantastic program that competes with
the MS half-baked version? Buy it and then burn it.
> Let's not respond to the flames, and see if we can have a discussion
> that will actually help people understand what is happening.
>
> - Dave

Re: M$ attack on Common Sense

On 11 Sep 2003 07:54:07 -0700, Dave wrote:
>
>
> I use both Windows and Linux. This last two weeks have been hell on
> my Windows system. McAfee has a bug, which they won't even
> acknowledge, and I had to switch to Norton Antivirus. Norton's
> running fine for now, but I see from the newsgroups that it too has
> had problems. I look forward to the day when I can move all my stuff
> to Linux, and I expect it will be soon. A little more polish on the
> office and business applications, and the day will come.
>
> An alternative future is that Windows catches up with Linux on
> security, and then we have a choice of two nice, but fundamentally
> different systems.

Why bother? The cost of the effort would make M$ even MORE expensive.

Why is it taking Microsoft so long? I'm looking
> for intelligent discussion of this issue in the newsgroups and
> websites (search term comp.security). I looked at this thread because
> the title was interesting, and there were 17 replies. What I find
> here is a childish flame war. I sense, however, that there are some
> intelligent people here who can shed some light on this issue.
>
> Let's see if we can redirect this discussion. Here are some possible
> answers to my question (in order of plausibility):
>
> 1) Technical difficulty. Making Windows as secure as Unix will take
> a major overhaul of the most basic levels of the operating system. In
> Unix, users are isolated from each other (and the system) by a very
> robust access model. All files and processes have an owner. No user
> code (even virus code that is run inadvertently) can alter the files
> of another user. If viruses were to become prevalent in Linux
> systems, users would quickly learn to handle email and surf the
> internet only under a username whose files they don't mind losing.
> The worst a virus can do is destroy all files belonging to that
> username.
>
> 2) Virus writers hate Microsoft. Like Al Queda, these losers attack
> anyone who is successful. If Linux were the dominant OS, they would
> go after Linux instead.
>

Without anywhere near the success they have now, and it would take
real gurus to write those viruses/worms, and there aren't very many
sickos with the patience and self-discipline to become gurus.

> 3) Business inertia. The virus problem just hasn't risen to the
> level where Microsoft will give it serious attention. This last month
> should be a wakeup call.
>
> 4) Conspiracy theory. Microsoft somehow benefits from the current
> situation. Even though they don't sell anti-virus software, they will
> in the future, and they see it as an opportunity to get control of
> everyone's computer.
> http://www.pcmag.com/article2/0,4149,991132,00.asp
>

Something along those lines is a big part of the truth here.

> Let's not respond to the flames, and see if we can have a discussion
> that will actually help people understand what is happening.
>
> - Dave

Discuss what?

Whether we should bother turning a pathetic OS into one that could never
be equal to UNIX/linux and would, at the end of the process, be even
more expensive?

Whether an essentially fascist/imperialist organization like M$ is
going to become a "good guy"?

Sounds like as big a waste of time as the flaming.

(most of was started by the M$ crowd in an attempt to evade the hard questions)

Re: M$ attack on Common Sense

In message , Dave writes
>websites (search term comp.security). I looked at this thread because
>the title was interesting, and there were 17 replies. What I find
>here is a childish flame war. I sense, however, that there are some
>intelligent people here who can shed some light on this issue.
>
Actually, if you look back to the beginning of the thread, things were
fairly civilised, much more so than the usual MS/Linux state of affairs.
Try to get hold of the complete thread if you can.
--
Joe

Re: M$ attack on Common Sense

"Dave" wrote in message
news:a3b19517.0309110654.5db832f9@posting.google.c om...
> I use both Windows and Linux. This last two weeks have been hell on
> my Windows system. McAfee has a bug, which they won't even
> acknowledge, and I had to switch to Norton Antivirus. Norton's
> running fine for now, but I see from the newsgroups that it too has
> had problems. I look forward to the day when I can move all my stuff
> to Linux, and I expect it will be soon. A little more polish on the
> office and business applications, and the day will come.

Most linux machines I come across have NO antivirus programs installed (even
though there are several free versions available (eg F-Prot, OpenScan etc).
This is not because there are no virii around for linux. Its just that mose
linux users believe they are safe [and many are because they set their box
up to do a specific task then just leave it - users realy use linux boxes on
the desktop].

I guess if you take all your norton and mcafee stuff off you'll be just like
the majority of linux machines so long as you don't let any users touch the
keyboard/mouse!!

Actually there are a lot more viruses written for Linux than the Radio Shack
TRS-80 machine. Why don't you move to the TRS-80? I have not heard of a
single infection in the last half a decade.
> An alternative future is that Windows catches up with Linux on
> security, and then we have a choice of two nice, but fundamentally
> different systems. Why is it taking Microsoft so long? I'm looking
> for intelligent discussion of this issue in the newsgroups and
> websites (search term comp.security). I looked at this thread because
> the title was interesting, and there were 17 replies. What I find
> here is a childish flame war. I sense, however, that there are some
> intelligent people here who can shed some light on this issue.

Its only turned into a flame war by some people who appear to have been
recently introduced to unix like machines and don't know how easily they are
compramised.
> Let's see if we can redirect this discussion. Here are some possible
> answers to my question (in order of plausibility):
> 1) Technical difficulty. Making Windows as secure as Unix will take
> a major overhaul of the most basic levels of the operating system. In
> Unix, users are isolated from each other (and the system) by a very
> robust access model. All files and processes have an owner. No user

Have you seen Windows NT or XP Professional? NTFS supports unix like file
ownership and permissions.
> code (even virus code that is run inadvertently) can alter the files
> of another user. If viruses were to become prevalent in Linux
> systems, users would quickly learn to handle email and surf the
> internet only under a username whose files they don't mind losing.
> The worst a virus can do is destroy all files belonging to that
> username.

This is wrong. The goal of many virus programs these days do not destroy
files. They try to do the following things

The worst many of the viruses can do is empty your bank accounts and spend
your credit to its limit then log into your associates computers and do the
same for them. Passwords/information are more important than files so virii
go for them.

This also defeats the primary security for unix like machines for home
users. The most malicous viruses install keyloggers (which can be done in a
user account) and detect passwords [such as the root passsword]. Most ssh
daemons are set to disallow remote root login and sysadmins are FORCED to
login as a general user and su to root. [this is the case on all
monitorless gateways I know of] Great scheme for a keylogger installed on a
user account. On most linux systems the only way to stop keyloggers from
getting root access is by logging out of the user accout and logging into
the root account at the console each time you want to do something. Not
many people do this because the system allows (and encourages) changing
users on hte fly.

Don't forget that in the home user and small business situation [where a
large proportion of computers reside] the system administrator is also the
primary user.

(This is of course assuming the virus didn't take advantage of a system bug
and used the user web browsing / email etc to install itself as many do)

The really bad thing with linux is that its far easier for virii to remain
hidden. Not many home or small business users use antivrus software on
their linux machines [mainly because the linux zealots promote linux as
being hard/impossible to crack and are lead into a false sense of security].
Furthermore there are rootkits easily available from the net that defeat
most of the linux admin tools. So once its actually installed its far
easier for a virus to remain hidden on a linux box.

Because of the many different configurations available to linux (even one
distributer) if they because as popular as windows it would be difficult to
detect viral activity once a machine is compramised and to eradicate the
virus. Difficulties include:

an inherently network based OS
multiple methods of installing software - no very good installation tracking
a large number of start points for malicous code

further

To provide the same connectivity as windows many linux machines have Samba
installed (which appears to be a copy of the windows system). This is just
as insecure for linux machines as it is for windows as far as speading
viruses go. While Samba share vunerabilities have not been exploited to
spread (copy) viruses amongst linux machines this is probably because not
many linux machines are found on a single subnet these days. (see your next
comment)
> 2) Virus writers hate Microsoft. Like Al Queda, these losers attack
> anyone who is successful. If Linux were the dominant OS, they would
> go after Linux instead.

There is a difference between hating microsoft and going for the maximum
effect from your virus. Most users are Microsoft. Use the TRS80 to be
virus free.
> 3) Business inertia. The virus problem just hasn't risen to the
> level where Microsoft will give it serious attention. This last month
> should be a wakeup call.
> 4) Conspiracy theory. Microsoft somehow benefits from the current
> situation. Even though they don't sell anti-virus software, they will
> in the future, and they see it as an opportunity to get control of
> everyone's computer.
> http://www.pcmag.com/article2/0,4149,991132,00.asp

On the one hand you say M$ don't give it serious attention then suggest that
M$ are developing antivirus strategies.
> Let's not respond to the flames, and see if we can have a discussion
> that will actually help people understand what is happening.

Sure. IMHO its a pity that many
> - Dave

Re: M$ attack on Common Sense

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OK, I don't usually respond to drivel like this, but I'm board today.
> "Dave" wrote in message
> news:a3b19517.0309110654.5db832f9@posting.google.c om...
> > I use both Windows and Linux. This last two weeks have been hell on
> > my Windows system. McAfee has a bug, which they won't even
> > acknowledge, and I had to switch to Norton Antivirus. Norton's
> > running fine for now, but I see from the newsgroups that it too has
> > had problems. I look forward to the day when I can move all my stuff
> > to Linux, and I expect it will be soon. A little more polish on the
> > office and business applications, and the day will come.
>
> Most linux machines I come across have NO antivirus programs installed (even
> though there are several free versions available (eg F-Prot, OpenScan etc).
> This is not because there are no virii around for linux. Its just that mose
> linux users believe they are safe [and many are because they set their box
> up to do a specific task then just leave it - users realy use linux boxes on
> the desktop].
>From the F-Prot web site, these are the numbers of virii it scans for:
41381 DOS/Windows
266 Unix/Linux

So, which OS would you like to be running. I didn't look at the
definitions, but I'd be willing to bet that most of the 266 Unix/Linux
(Note that not all Unix virii can effect Linux and vice versa, so there
are actually less then 266 that could possible effect Linux) exploited older
versions and would not effect more recent installations.

More to the point the reason for having F-Prot is to scan for windows
virii, if you don't run Windows, you don't need to be doing that, now do
you?

A google search for `virus OpenScan' Produced 0 results, and one for
`"Open Scan" virus' Produced nothing relevant, so I'm going to wager you
were mistaken about that one. OpenScan seems to be scanner drivers.

I know.... you said etc, so there must be others! To make a long story
short they mostly scan for windows virii, so that your linux mail server
can prevent your retarded windows users for even having a chance to infect
themselves.

As for use as a desktop I'm sitting at my linux desktop right now (at
work) and I have one at home as well. I know you'll look at my Headers and
see that this came from Solaris, but don't get upset. You see in the Unix
world you can connect to other machines (ssh) and run programs there. Such
as pine, which I use to check E-mail and read news groups.
> I guess if you take all your norton and mcafee stuff off you'll be just like
> the majority of linux machines so long as you don't let any users touch the
> keyboard/mouse!!

Flame bait! This statement is nothing but inflammatory.
> Actually there are a lot more viruses written for Linux than the Radio Shack
> TRS-80 machine. Why don't you move to the TRS-80? I have not heard of a
> single infection in the last half a decade.

More Flame bait.
> > An alternative future is that Windows catches up with Linux on
> > security, and then we have a choice of two nice, but fundamentally
> > different systems. Why is it taking Microsoft so long? I'm looking
> > for intelligent discussion of this issue in the newsgroups and
> > websites (search term comp.security). I looked at this thread because
> > the title was interesting, and there were 17 replies. What I find
> > here is a childish flame war. I sense, however, that there are some
> > intelligent people here who can shed some light on this issue.
>
> Its only turned into a flame war by some people who appear to have been
> recently introduced to unix like machines and don't know how easily they are
> compramised.

Half of that statement is true. I will admit that there are retarded Linux
users, just as there are retarded windows users; windows just has more of
them, but the Linux ones tend to be more vocal. If its so easy to
compromise, why have I had zero problems in the last five years. I used to
work in network security, and I can tell you that only about 5% of the
incidents we got involved Unix or Linux boxes. And most of the ones that
did were hacked (cracked rather, research the difference if you don't
know it) into, not infected by the worm de jour.
> > Let's see if we can redirect this discussion. Here are some possible
> > answers to my question (in order of plausibility):
>
> > 1) Technical difficulty. Making Windows as secure as Unix will take
> > a major overhaul of the most basic levels of the operating system. In
> > Unix, users are isolated from each other (and the system) by a very
> > robust access model. All files and processes have an owner. No user
>
> Have you seen Windows NT or XP Professional? NTFS supports unix like file
> ownership and permissions.

The hell it does, My Administrator account cannot read the files from my
user account. Ownership and permission doesn't really matter on a machine
that is designed to be used my a single user, and that single user usually
runs with full privileges. (Yes, I did admit to using windows, I have and
Xpee box as well, so I can play games; it only leaves me feeling slightly
dirty).

I would also wager that most Windows users have no idea what to do with
ownership and permission settings.
> > code (even virus code that is run inadvertently) can alter the files
> > of another user. If viruses were to become prevalent in Linux
> > systems, users would quickly learn to handle email and surf the
> > internet only under a username whose files they don't mind losing.
> > The worst a virus can do is destroy all files belonging to that
> > username.
>
> This is wrong. The goal of many virus programs these days do not destroy
> files. They try to do the following things
>
> 1. Install themselves to run on bootup
> 2. Remain hidden (remove zonealarm, Norton processes etc)
> 3. Try to spread themselves
> 4. Gather information (usually PASSWORDS)
>
> The worst many of the viruses can do is empty your bank accounts and spend
> your credit to its limit then log into your associates computers and do the
> same for them. Passwords/information are more important than files so virii
> go for them.

I'll admit this is true, real harm from virii does not come from damaging
files. But then again, if you are dumb enough to leave all your banking
information and passwords sitting around in those files, you get what you
deserve.
> This also defeats the primary security for unix like machines for home
> users. The most malicous viruses install keyloggers (which can be done in a
> user account) and detect passwords [such as the root passsword].

Granted. Key loggers are quite bad.
> Most ssh
> daemons are set to disallow remote root login and sysadmins are FORCED to
> login as a general user and su to root. [this is the case on all
> monitorless gateways I know of]

Gee, since most sysadmins are "forcing" this on themselves, I bet its
really not a bad thing. In fact I force myself to do this, why had I never
though of opening up the root logging to the network so I could be more
vulnerable. Oh, but I do have public-key authentication on for the root
account (actually that only on the machines behind my firewall, and not on
the firewall itself), so I can log directly into the root account with no
password ever typed. Also, people should be in the habit of sudo-ing
things which still only exposed your password and not the root users. It is
important to note that you cannot (with just a user privilege) grab the
password during login, since that process is run by root. So a key grabber
has to wait for you to login to something else to get your password, if
you never do that (and there are many ways to avoid it, and still be
fully productive) you have defeated it.

Admittedly this takes more time and effort to set up, but in the long run
you are safer, more secure in your authentication, and actually use your
password less.
> Great scheme for a keylogger installed on a
> user account. On most linux systems the only way to stop keyloggers from
> getting root access is by logging out of the user accout and logging into
> the root account at the console each time you want to do something. Not
> many people do this because the system allows (and encourages) changing
> users on hte fly.

There is no venerability in changing users "on the fly". Even XP lets you
do this, and MacOS 10.3 will as well.
> Don't forget that in the home user and small business situation [where a
> large proportion of computers reside] the system administrator is also the
> primary user.

And your point here is?
Actually most computers are in large businesses, banks, insurance,
airlines, etc. Most windows machines are at home and in small business
(hopefully this will change in the future).
> (This is of course assuming the virus didn't take advantage of a system bug
> and used the user web browsing / email etc to install itself as many do)

I'm not sure I follow you here. What exactly do you mean by install? In
general on Unix/Linux you just run programs. "Installation" just means
putting them in a particular place so they are easy to find (not junking
up some magic centralized registry). Even so the user could not "install"
the program system wide (a root thing to do), and even though they could
set the permissions so that every one could run the program, they would
still have to run it to be infected/compromised. Any one who just runs
things haphazardly gets what they deserve.
> The really bad thing with linux is that its far easier for virii to remain
> hidden. Not many home or small business users use antivrus software on
> their linux machines [mainly because the linux zealots promote linux as
> being hard/impossible to crack and are lead into a false sense of security].
> Furthermore there are rootkits easily available from the net that defeat
> most of the linux admin tools. So once its actually installed its far
> easier for a virus to remain hidden on a linux box.

Anti-virus dispelled above. There are rootkit checkers available. When
your system is acting odd, unlike windows this is not expected on
Unix/Linux, You shut it down, then reboot off known good media, RedHat
recovery, Knopix, Gentoo, etc.. Then run the rootkit checker, this is
arguably virus scan for linux, and yes perhaps it should be done routinely
by more people. Rootkits can only defeat the tools on the system that was
infected, if you boot from known good media, they are easy to spot.

The way these root kits work is by overwriting common system utilities so
that these utilities will not show the existence of the root kit. The
problem with this is they usually change the metadata of those system
files, so when certain files that _never_ change are now 30x bigger and
have a change date of yesterday (instead of the install date of the
system) you see large red flags waving.
> Because of the many different configurations available to linux (even one
> distributer) if they because as popular as windows it would be difficult to
> detect viral activity once a machine is compramised and to eradicate the
> virus. Difficulties include:

These claims make no sense.
> an inherently network based OS
This is somehow better then an OS that is kludged onto the internet?
> multiple methods of installing software - no very good installation tracking
Installation was covered above. Good users on any system should document
on their own what they installed and when. There are tools available that
will show changes in the file system.
> a large number of start points for malicous code
What does this mean?!?!?
> further
>
> To provide the same connectivity as windows many linux machines have Samba
> installed (which appears to be a copy of the windows system). This is just
> as insecure for linux machines as it is for windows as far as speading
> viruses go. While Samba share vunerabilities have not been exploited to
> spread (copy) viruses amongst linux machines this is probably because not
> many linux machines are found on a single subnet these days. (see your next
> comment)

Misleading wording. Samba is what windows supports out of the box, and
since it is such a pain to add NFS or AFS to it, and most of todays Linux
distributions support samba out of the box, samba is what is used to
connect to Windows boxes. This is not and cannot, for any number of
reasons, be a "copy of the windows system" (however you want to define
system).
>From http://us1.samba.org/samba/samba.html
Samba is an Open Source/Free Software suite that provides seamless file
and print services to SMB/CIFS clients. Samba is freely available under
the GNU General Public License.

It is simply away to communicate. The exploitations happen in Microsoft's
implementation of the SMB/CIFS protocols. And even if Samba on Linux were
vulnerable, what good would it do to force it to run windows code?
> > 2) Virus writers hate Microsoft. Like Al Queda, these losers attack
> > anyone who is successful. If Linux were the dominant OS, they would
> > go after Linux instead.
>
> There is a difference between hating microsoft and going for the maximum
> effect from your virus. Most users are Microsoft. Use the TRS80 to be
> virus free.

Yes, I imagine a large reason virii are written for Windows, is because
there in a larger population to infect. I also believe that it even if it
is not easier to write malware for windows, there are more holes to
exploit, again a larger target population.
> > 3) Business inertia. The virus problem just hasn't risen to the
> > level where Microsoft will give it serious attention. This last month
> > should be a wakeup call.
>
> > 4) Conspiracy theory. Microsoft somehow benefits from the current
> > situation. Even though they don't sell anti-virus software, they will
> > in the future, and they see it as an opportunity to get control of
> > everyone's computer.
> > http://www.pcmag.com/article2/0,4149,991132,00.asp
>
> On the one hand you say M$ don't give it serious attention then suggest that
> M$ are developing antivirus strategies.

These were all hypotheses, there is no reason to assume the author believes
them all to be correct.
> > Let's not respond to the flames, and see if we can have a discussion
> > that will actually help people understand what is happening.
>
> Sure. IMHO its a pity that many

Re: M$ attack on Common Sense

Hi,
> As for use as a desktop I'm sitting at my linux desktop right now (at
> work) and I have one at home as well. I know you'll look at my Headers and
> see that this came from Solaris, but don't get upset. You see in the Unix
> world you can connect to other machines (ssh) and run programs there. Such
> as pine, which I use to check E-mail and read news groups.

Connecting to other machines and running programs there is not a Unix only
feature.
You can do that on Windows too...

Mac?

Regards,
Manoj

Re: M$ attack on Common Sense

On Fri, 12 Sep 2003 20:04:24 +0530, Manoj Paul Joseph wrote:
>
>Connecting to other machines and running programs there is not a Unix only
>feature.
>You can do that on Windows too...
>
>Mac?

You can do it on anything with a network connection of some sort and at
least something akin to telnet or better. That pretty much includes all
machines from old 8bit clunkers upwards (and probably downwards as
well).

Of course, being able to be connected to and have programs run on you
has been much more the preserve of the unix/vms systems until recently.

Re: M$ attack on Common Sense

OK I'll play (and in the 'tone' that you want this debate to head in)
I'll ignore the spelling mistake for the moment....

Opps I didn't ignore it..... ;-)

It's *BORED* That's B O R E D.....

Doesn't your Linux news reader support a spelling checker?
>> "Dave" wrote in message
>> news:a3b19517.0309110654.5db832f9@posting.google.c om...
>>> I use both Windows and Linux. This last two weeks have been hell on
>>> my Windows system. McAfee has a bug, which they won't even
>>> acknowledge, and I had to switch to Norton Antivirus. Norton's
>>> running fine for now, but I see from the newsgroups that it too has
>>> had problems. I look forward to the day when I can move all my
>>> stuff to Linux, and I expect it will be soon. A little more polish
>>> on the office and business applications, and the day will come.
>>
>> Most linux machines I come across have NO antivirus programs
>> installed (even though there are several free versions available (eg
>> F-Prot, OpenScan etc). This is not because there are no virii around
>> for linux. Its just that mose linux users believe they are safe
>> [and many are because they set their box up to do a specific task
>> then just leave it - users realy use linux boxes on the desktop].
>
>> From the F-Prot web site, these are the numbers of virii it scans
>> for:
> 41381 DOS/Windows
> 266 Unix/Linux
> So, which OS would you like to be running. I didn't look at the
> definitions, but I'd be willing to bet that most of the 266 Unix/Linux
> (Note that not all Unix virii can effect Linux and vice versa, so
> there
> are actually less then 266 that could possible effect Linux)
> exploited older versions and would not effect more recent
> installations.

FYI:
Linux Still Less Secure Than Windows
On the flip side of the coin, I should point out that Linux still
suffers from far more security bugs and other vulnerabilities than
Windows does. Researchers at mi2g Intelligence Unit (http://mi2g.com),
which has been tracking and verifying computer-based vulnerabilities
since 1995, say that in August 67 percent of all successful and
verifiable attacks against servers targeted Linux, compared with just
23.2 percent that targeted Windows--and August was the month during
which SoBig.F and MSBlaster hit.

Furthermore, 12,892 e-business sites running Linux were successfully
breached during that month, compared with just 4626 sites running
Windows. Windows vulnerabilities get more press because more people run
Windows on the desktop, so any Windows-based worms or viruses will
generally affect a far larger group of individuals.
But anyone who thinks that jumping to Linux is a cure-all should think
again. Even if you don't consider the usage numbers, everyone's
favourite open-source poster boy is still a huge target for attackers.
An often-irreverent look at some of the week's other stories, by
[Paul Thurrott http://www.winnetmag.com]
> More to the point the reason for having F-Prot is to scan for windows
> virii, if you don't run Windows, you don't need to be doing that, now
> do you?
> A google search for `virus OpenScan' Produced 0 results, and one for
> `"Open Scan" virus' Produced nothing relevant, so I'm going to wager
> you were mistaken about that one. OpenScan seems to be scanner
> drivers.
> I know.... you said etc, so there must be others! To make a long story
> short they mostly scan for windows virii, so that your linux mail
> server can prevent your retarded windows users for even having a
> chance to infect themselves.
> As for use as a desktop I'm sitting at my linux desktop right now (at
> work) and I have one at home as well. I know you'll look at my
> Headers and see that this came from Solaris, but don't get upset. You
> see in the Unix world you can connect to other machines (ssh) and run
> programs there. Such as pine, which I use to check E-mail and read
> news groups.

From my Network World daily e-mail newsletter:

NETWORK WORLD NEWSLETTER: JASON MESERVE ON VIRUS AND BUG PATCH ALERT
09/11/03
Today's focus: Another Blaster-like vulnerability
In this issue:

Buffer overflow vulnerability in pine
iDefense has found a couple of buffer problems in the pine e-mail
client. Both of the flaws could be exploited to run arbitrary code on
the affected machine. Pine Version 4.58 fixes the problem. For more, go
to:
iDefense advisory:

How to obtain Pine updates:

Red Hat update:

Slackware update:

Red Hat patches flaw in GtkHTML
Red Hat is reporting a flaw in GtkHTML, the HTML rendering engine for
the Evolution e-mail reader. A user could get the application to point
to a null pointer, causing the system to crash. For more, go to:

SCO releases Samba update for OpenServer
A flaw in SCO's Samba implementation for OpenServer could be exploited
by a remote user to gain root access to the affected machine. The
updated binaries can be found here:

Nearly *every day* this e-letter list OSS/Linux vulnerabilities that it
does for any MS OS or application.....

Then there are these websites (just a few of many note) which need to be
*ESSENTIAL and REQUIRED* reading of anyone running OSS/Linux....

And your's aren't?
>> Actually there are a lot more viruses written for Linux than the
>> Radio Shack TRS-80 machine. Why don't you move to the TRS-80? I
>> have not heard of a single infection in the last half a decade.
> More Flame bait.

From you as well......
>>> An alternative future is that Windows catches up with Linux on
>>> security, and then we have a choice of two nice, but fundamentally
>>> different systems. Why is it taking Microsoft so long? I'm
>>> looking for intelligent discussion of this issue in the newsgroups
>>> and websites (search term comp.security). I looked at this thread
>>> because the title was interesting, and there were 17 replies. What
>>> I find here is a childish flame war. I sense, however, that there
>>> are some intelligent people here who can shed some light on this
>>> issue.
>> Its only turned into a flame war by some people who appear to have
>> been recently introduced to unix like machines and don't know how
>> easily they are compramised.
> Half of that statement is true. I will admit that there are retarded
> Linux users, just as there are retarded windows users; windows just
> has more of them, but the Linux ones tend to be more vocal.

Far more vocal. Just read COLA (comp.os.linux.advocacy) for a few days
for evidence of that
> If its so
> easy to compromise, why have I had zero problems in the last five
> years.

You mean like I have for the last *twelve years running various versions
of Microsoft OS'es and applications?
> I used to work in network security, and I can tell you that
> only about 5% of the incidents we got involved Unix or Linux boxes.
> And most of the ones that did were hacked (cracked rather, research
> the difference if you don't
> know it) into, not infected by the worm de jour.

Anecdotal experiences are interesting, but hardly count as factual
evidence that generally applies to everyone.....
>>> Let's see if we can redirect this discussion. Here are some
>>> possible answers to my question (in order of plausibility):
>>> 1) Technical difficulty. Making Windows as secure as Unix will
>>> take a major overhaul of the most basic levels of the operating
>>> system. In Unix, users are isolated from each other (and the
>>> system) by a very robust access model. All files and processes
>>> have an owner. No user
>> Have you seen Windows NT or XP Professional? NTFS supports unix
>> like file ownership and permissions.
> The hell it does, My Administrator account cannot read the files from
> my user account. Ownership and permission doesn't really matter on a
> machine that is designed to be used my a single user, and that single
> user usually runs with full privileges. (Yes, I did admit to using
> windows, I have and Xpee box as well, so I can play games; it only
> leaves me feeling slightly dirty).

My turn; Flame bait......
It's interesting that you choose to see using a computer running an OS
as some sort of 'moral indiscression' on your part.
It's a typical comment and response of a OSS/Linux zealot.

It's just a *computer running an OS*........
> I would also wager that most Windows users have no idea what to do
> with ownership and permission settings.

I would wager most Linux users have to set ownership and permissions
just to make their OS boot.....
See I can make stupid comments about millions of other people I dont
know as well. See how easy it is to do things like THAT......
>>> code (even virus code that is run inadvertently) can alter the files
>>> of another user. If viruses were to become prevalent in Linux
>>> systems, users would quickly learn to handle email and surf the
>>> internet only under a username whose files they don't mind losing.
>>> The worst a virus can do is destroy all files belonging to that
>>> username.
>> This is wrong. The goal of many virus programs these days do not
>> destroy files. They try to do the following things
>> 1. Install themselves to run on bootup
>> 2. Remain hidden (remove zonealarm, Norton processes etc)
>> 3. Try to spread themselves
>> 4. Gather information (usually PASSWORDS)
>> The worst many of the viruses can do is empty your bank accounts and
>> spend your credit to its limit then log into your associates
>> computers and do the same for them. Passwords/information are more
>> important than files so virii go for them.
> I'll admit this is true, real harm from virii does not come from
> damaging files. But then again, if you are dumb enough to leave all
> your banking information and passwords sitting around in those files,
> you get what you deserve.

For *anyone* using a computer........
>> This also defeats the primary security for unix like machines for
>> home users. The most malicous viruses install keyloggers (which can
>> be done in a user account) and detect passwords [such as the root
>> passsword].
> Granted. Key loggers are quite bad.

On *any* computer running *any* OS......
>> Most ssh
>> daemons are set to disallow remote root login and sysadmins are
>> FORCED to login as a general user and su to root. [this is the case
>> on all monitorless gateways I know of]
> Gee, since most sysadmins are "forcing" this on themselves, I bet its
> really not a bad thing. In fact I force myself to do this, why had I
> never though of opening up the root logging to the network so I could
> be more vulnerable. Oh, but I do have public-key authentication on
> for the root account (actually that only on the machines behind my
> firewall, and not on the firewall itself), so I can log directly into
> the root account with no password ever typed. Also, people should be
> in the habit of sudo-ing
> things which still only exposed your password and not the root users.
> It is important to note that you cannot (with just a user privilege)
> grab the password during login, since that process is run by root. So
> a key grabber has to wait for you to login to something else to get
> your password, if
> you never do that (and there are many ways to avoid it, and still be
> fully productive) you have defeated it.

But it *can* happen right? Right.....
> Admittedly this takes more time and effort to set up, but in the long
> run you are safer, more secure in your authentication, and actually
> use your password less.

So how many OSS/Linux users do you think take the time to set it up, as
opposed to those that have bought the 'belief' that, hey they're running
Linux, they're safe, nothing like that can happen to them......
>> Great scheme for a keylogger installed on a
>> user account. On most linux systems the only way to stop keyloggers
>> from getting root access is by logging out of the user accout and
>> logging into the root account at the console each time you want to
>> do something. Not many people do this because the system allows
>> (and encourages) changing users on hte fly.
> There is no venerability in changing users "on the fly". Even XP lets
> you do this, and MacOS 10.3 will as well.

It's called ease of use, and just like in Linux, if the PC is secure
then changing users isn't a great security risk....
>> Don't forget that in the home user and small business situation
>> [where a large proportion of computers reside] the system
>> administrator is also the primary user.
> And your point here is?

That they are the primary user......
> Actually most computers are in large businesses, banks, insurance,
> airlines, etc. Most windows machines are at home and in small business
> (hopefully this will change in the future).

>> (This is of course assuming the virus didn't take advantage of a
>> system bug and used the user web browsing / email etc to install
>> itself as many do)
> I'm not sure I follow you here. What exactly do you mean by install?
> In general on Unix/Linux you just run programs. "Installation" just
> means putting them in a particular place so they are easy to find
> (not junking
> up some magic centralized registry). Even so the user could not
> "install" the program system wide (a root thing to do), and even
> though they could set the permissions so that every one could run the
> program, they would still have to run it to be infected/compromised.
> Any one who just runs things haphazardly gets what they deserve.

ANYONE who does.......
>> The really bad thing with linux is that its far easier for virii to
>> remain hidden. Not many home or small business users use antivrus
>> software on their linux machines [mainly because the linux zealots
>> promote linux as being hard/impossible to crack and are lead into a
>> false sense of security]. Furthermore there are rootkits easily
>> available from the net that defeat most of the linux admin tools.
>> So once its actually installed its far easier for a virus to remain
>> hidden on a linux box.
> Anti-virus dispelled above.

Hardly.... See above.
> There are rootkit checkers available. When
> your system is acting odd, unlike windows this is not expected on
> Unix/Linux, You shut it down, then reboot off known good media, RedHat
> recovery, Knopix, Gentoo, etc.. Then run the rootkit checker, this is
> arguably virus scan for linux, and yes perhaps it should be done
> routinely by more people. Rootkits can only defeat the tools on the
> system that was infected, if you boot from known good media, they are
> easy to spot.
> The way these root kits work is by overwriting common system
> utilities so that these utilities will not show the existence of the
> root kit. The problem with this is they usually change the metadata
> of those system files, so when certain files that _never_ change are
> now 30x bigger and have a change date of yesterday (instead of the
> install date of the
> system) you see large red flags waving.

See above.
Open source critics also argue that open source can lead to a false
sense of security. They say that just because the source code is
available doesn't guarantee that anyone is reading it. Nor does it mean
that all the bugs have been found and fixed. Many users install and use
open source software without ever looking at the code. They assume
someone else has already scanned it for possible vulnerabilities.
Undetected bugs have lingered in some popular open source packages for
years. This is a legitimate concern.
But make no mistake, simply being open source is no guarantee of
security.
Elias Levy, "Wide Open Source"http://online.securityfocus.com/news/19

>> Because of the many different configurations available to linux
>> (even one distributer) if they because as popular as windows it
>> would be difficult to detect viral activity once a machine is
>> compramised and to eradicate the virus. Difficulties include:
> These claims make no sense.

Yes they do.....
>> an inherently network based OS
> This is somehow better then an OS that is kludged onto the internet?

What OS would that be?
>> multiple methods of installing software - no very good installation
>> tracking
> Installation was covered above. Good users on any system should
> document
> on their own what they installed and when. There are tools available
> that will show changes in the file system.

And all OSS/Linux users are 'good' users?
Or do they (you) just use app get (whatever that command is) and install
whatever update or patch because you heard it was required without
having a clue what it is that you're installing....
>> a large number of start points for malicous code
> What does this mean?!?!?

I can understand what he means; Why cant you?.
>> further
>> To provide the same connectivity as windows many linux machines have
>> Samba installed (which appears to be a copy of the windows system).
>> This is just as insecure for linux machines as it is for windows as
>> far as speading viruses go. While Samba share vunerabilities have
>> not been exploited to spread (copy) viruses amongst linux machines
>> this is probably because not many linux machines are found on a
>> single subnet these days. (see your next comment)
> Misleading wording. Samba is what windows supports out of the box, and
> since it is such a pain to add NFS or AFS to it, and most of todays
> Linux distributions support samba out of the box, samba is what is
> used to connect to Windows boxes. This is not and cannot, for any
> number of reasons, be a "copy of the windows system" (however you
> want to define system).
>> From http://us1.samba.org/samba/samba.html
> Samba is an Open Source/Free Software suite that provides seamless
> file
> and print services to SMB/CIFS clients. Samba is freely available
> under
> the GNU General Public License.
> It is simply away to communicate. The exploitations happen in
> Microsoft's implementation of the SMB/CIFS protocols. And even if
> Samba on Linux were vulnerable, what good would it do to force it to
> run windows code?

See the list of OSS/Linux websites that update at least once a week, if
not more often, all the vulnerabilities and flaws in Linux/OSS.....
For a secure OS, and applications, there sure are a LOT of
vulnerabilities and flaws listed....
>>> 2) Virus writers hate Microsoft. Like Al Queda, these losers
>>> attack anyone who is successful. If Linux were the dominant OS,
>>> they would go after Linux instead.
>> There is a difference between hating microsoft and going for the
>> maximum effect from your virus. Most users are Microsoft. Use the
>> TRS80 to be virus free.
> Yes, I imagine a large reason virii are written for Windows, is
> because there in a larger population to infect. I also believe that
> it even if it is not easier to write malware for windows, there are
> more holes to exploit, again a larger target population.

To repeat:
See the list of OSS/Linux websites that update at least once a week, if
not more often, all the vulnerabilities and flaws in Linux/OSS.....
For a secure OS, and applications, there sure are a LOT of
vulnerabilities and flaws listed....
>>> 3) Business inertia. The virus problem just hasn't risen to the
>>> level where Microsoft will give it serious attention. This last
>>> month should be a wakeup call.
>>> 4) Conspiracy theory. Microsoft somehow benefits from the current
>>> situation. Even though they don't sell anti-virus software, they
>>> will in the future, and they see it as an opportunity to get
>>> control of everyone's computer.
>>> http://www.pcmag.com/article2/0,4149,991132,00.asp
>> On the one hand you say M$ don't give it serious attention then
>> suggest that M$ are developing antivirus strategies.
> These were all hypotheses, there is no reason to assume the author
> believes them all to be correct.

Hypotheses are generally proposed as something the proposer believes
will or should happen....
>>> Let's not respond to the flames, and see if we can have a discussion
>>> that will actually help people understand what is happening.
>> Sure. IMHO its a pity that many
> Hopefully this will advance a sensible discussion.

You're off to a bad start then Aaron.....

BTW How come your sig fails to follow the recommended usenet guidelines
(that so many OSS/Linux users insist everyone has to follow):

a.. No more than four lines. Occasionally called the "4-line McQuary
limit".
b.. Use "-- " as the beginning marker.
Net etiquette (the "netiquette") and practice dictate about four lines
at a maximum. This is a sensible and commendable restriction. But
contrary to the common belief and frequent claims its nature is that of
a recommendation. For example RFC 1855 Netiquette Guidelines by
CyberNOTHING state "If you include a signature keep it short. Rule of
thumb is no longer than 4 lines." (The "-- " beginning marker is not
counted as one of the four lines.) Likewise A Primer on How to Work With
the Usenet Community states "Don't Overdo Signatures". [Underlining is
mine.] Furthermore, on the technical level some programs and ISPs
automatically limit the signature length to the said four lines.